Secure WebSockets (wss) connection gets proxied under the set HTTP proxy even though there's no SSL proxy set Topic is solved

Users and developers helping users with generic and technical Pale Moon issues on all operating systems.

Moderator: trava90

Forum rules
This board is for technical/general usage questions and troubleshooting for the Pale Moon browser only.
Technical issues and questions not related to the Pale Moon browser should be posted in other boards!
Please keep off-topic and general discussion out of this board, thank you!
User avatar
jobbautista9
Keeps coming back
Keeps coming back
Posts: 885
Joined: 2020-11-03, 06:47
Location: Philippines
Contact:

Secure WebSockets (wss) connection gets proxied under the set HTTP proxy even though there's no SSL proxy set

Unread post by jobbautista9 » 2024-10-07, 14:38

Operating system: Windows 11 x64 23H2
Browser version: 33.4.0
32-bit or 64-bit browser?: 64-bit
Problem URL: https://bytes.programming.dev/ (This is an example, put "streaming" in the Network devtools filter to quickly see the WSS connection)
Browser theme (if not default): Moonscape
Installed add-ons: Many, not really relevant here
Installed plugins: (about:plugins): Flash, Silverlight, VLC (all disabled)

If possible, please include the output of help->troubleshooting information (as text):
Application Basics
------------------

Name: Pale Moon
Version: 33.4.0 (64-bit)
Build ID: 20241003104355
Update Channel: release
User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Goanna/6.7 Firefox/102.0 PaleMoon/33.4.0
OS: Windows_NT 10.0
CPU Capabilities: SSE2 AVX AVX2
Safe Mode: false

Extensions
----------

Name: ADPC
Version: 33.0
Enabled: true
ID: {3D1F80B5-DA79-586E-8A89-603451EF31AD}

Name: BrowserTickTock
Version: 0.1.4
Enabled: true
ID: {2ba8678b-9b58-4636-afcd-84ebcda8a2df}

Name: Chrome Navigator
Version: 0.1.0
Enabled: true
ID: {cfe51efc-2dc4-489c-b7ca-0f72dfba1c3b}

Name: CipherFox
Version: 4.2.0
Enabled: true
ID: cipherfox@mkfly

Name: Classic Add-ons Archive
Version: 2.0.3
Enabled: true
ID: ca-archive@Off.JustOff

Name: ColorPili
Version: 1.0.2
Enabled: true
ID: {44d02d22-bc0f-480a-b009-2b3eaa5772a3}

Name: Decentraleyes
Version: 1.4.3
Enabled: true
ID: jid1-BoFifL9Vbdl2zQ@jetpack

Name: DOM Inspector
Version: 3.1.7534
Enabled: true
ID: inspector@mozilla.org

Name: Extended Statusbar
Version: 2.1.2
Enabled: true
ID: {daf44bf7-a45e-4450-979c-91cf07434c3d}

Name: GetEmAll!
Version: 1.2.4
Enabled: true
ID: {4f45ab64-73d7-4bde-b9e6-0922abe8e11a}

Name: Go Menu
Version: 1.0.0
Enabled: true
ID: {bb1c1587-42cc-4804-b3a7-7e3104030047}

Name: Greasemonkey for Pale Moon
Version: 3.31.4
Enabled: true
ID: greasemonkeyforpm@janekptacijarabaci

Name: Image Search Options
Version: 2.0.3.7
Enabled: true
ID: {4a313247-8330-4a81-948e-b79936516f78}

Name: InlineDisposition Reloaded
Version: 1.0.0.0.1-signed.1-signed
Enabled: true
ID: {914d3a0b-6982-4e58-9a60-2e5d6cf6b09b}

Name: Markdown Viewer
Version: 1.12
Enabled: true
ID: markdownviewer@thiht.fr

Name: Modify HTTP Response
Version: 1.3.3
Enabled: true
ID: modhresponse@Off.JustOff

Name: Nazrin
Version: 1.0.1
Enabled: true
ID: nazrin@mima.geidontei.chaotic.ninja

Name: Old style JavaScript Alert
Version: 1.3.5
Enabled: true
ID: {78c79379-1502-4792-968a-6c173718a93a}

Name: Pale Moon Commander
Version: 3.0.1
Enabled: true
ID: commander@palemoon.org

Name: Pure URL
Version: 3.4
Enabled: true
ID: pure-url@palemoon

Name: Reader View
Version: 2.2.0
Enabled: true
ID: {1111dd1e-dd02-4c30-956f-f23c44dfea8e}

Name: Reload and Skip Cache
Version: 1.0.2
Enabled: true
ID: reloadskipcache@franklindm

Name: ReloadRepeat
Version: 33.1
Enabled: true
ID: {60D4414D-327B-53E2-A6EC-97500D0E1F3B}

Name: Sasuga
Version: 2.3.1
Enabled: true
ID: sasuga@vannilla.org

Name: sttf
Version: 33.0
Enabled: true
ID: {6B0DFFCC-16AA-5CF7-B6DC-DE502F7E7FD0}

Name: Stylem
Version: 2.2.9
Enabled: true
ID: {503a85e3-84c9-40e5-b98e-98e62085837f}

Name: ThemeTool
Version: 6.2.0
Enabled: true
ID: {0daf556d-70de-4b15-a90f-b30395bd9c22}

Name: Toolbox Plus
Version: 1.1.3
Enabled: true
ID: toolboxplus@franklindm

Name: uBlock Origin
Version: 1.16.6b1
Enabled: true
ID: uBlock0@raymondhill.net

Name: URL Rewriter
Version: 2.8.4
Enabled: true
ID: url-rewriter@papush

Name: Website Navigation Bar
Version: 3.3
Enabled: true
ID: {eab176e7-2072-480e-8db7-9e40a80723cd}

Name: Window Menu
Version: 1.1.7
Enabled: true
ID: winmenu@kurosu

Name: Yet Another about:config Helper
Version: 1.1
Enabled: true
ID: {f19cdddc-15c3-4c09-96b7-2b8f18f2578f}

Name: Ambassador
Version: 1.3.0
Enabled: false
ID: {4523665a-317f-4a66-9376-3763d1ad1978}

Name: BBCodeXtra
Version: 0.5.4
Enabled: false
ID: {af79f858-4b25-4ca4-822b-b5db1be628fc}

Name: CacheSwitch
Version: 0.7
Enabled: false
ID: {e90888b8-ee55-452b-8492-f2d54e8a9ab5}

Name: Cite4Wiki
Version: 1.6
Enabled: false
ID: cite4wiki@peeps.wiki

Name: Color My Tabs
Version: 2.2.0
Enabled: false
ID: color-my-tabs@wsdfhjxc

Name: DNSSEC/TLSA Validator
Version: 2.2.0.4
Enabled: false
ID: dnssec@nic.cz

Name: Downloads Window
Version: 0.6.5
Enabled: false
ID: {a7213cf2-fa1e-4373-88ff-255d0abd3020}

Name: FoxyProxy Standard
Version: 4.6.5
Enabled: false
ID: foxyproxy@eric.h.jung

Name: History Submenus II
Version: 4.0.4
Enabled: false
ID: HistorySubmenus2@Merci.chao

Name: History Submenus the Third
Version: 2.4.7782
Enabled: false
ID: history-submenus@projects.binaryoutcast.com

Name: Load from Cache
Version: 0.0.3
Enabled: false
ID: @loadfromcache

Name: Palefill Web Technologies Polyfill
Version: 1.28
Enabled: false
ID: palefill@addons.martoks-place.de

Name: PDF Viewer
Version: 2.3.240
Enabled: false
ID: pdf.js-seamonkey@lakora.us

Name: PMPlayer
Version: 1.8
Enabled: false
ID: {d952f8dd-f45c-4838-8e21-03c1f916883b}

Name: Splashed!
Version: 1.4.3
Enabled: false
ID: splashed@franklindm

Name: Tree Style Tabs for Pale Moon
Version: 0.0.6
Enabled: false
ID: treestyletabforpm@oinkoink

Name: TURBOLAUNCHER
Version: 2.0.9.9
Enabled: false
ID: V3-eov3cv@hotmail.com

Name: User Agent Status
Version: 1.7.2
Enabled: false
ID: {05e3b9e9-0849-4202-9266-bc8a50b3e91f}

Name: WebComponents Toggle
Version: 2.0.0
Enabled: false
ID: {99ca5bd9-6e14-431e-aad7-19df2c347719}

Graphics
--------

Features
Compositing: Direct3D 11
GPU Accelerated Windows: 1/1 Direct3D 11 (OMTC)
Asynchronous Pan/Zoom: none
WebGL 1 Driver WSI Info: EGL_VENDOR: Google Inc. (adapter LUID: 000000000001162e) EGL_VERSION: 1.4 (ANGLE 2.1.0.) EGL_EXTENSIONS: EGL_EXT_create_context_robustness EGL_ANGLE_d3d_share_handle_client_buffer EGL_ANGLE_surface_d3d_texture_2d_share_handle EGL_ANGLE_query_surface_pointer EGL_ANGLE_window_fixed_size EGL_ANGLE_keyed_mutex EGL_ANGLE_surface_orientation EGL_ANGLE_direct_composition EGL_NV_post_sub_buffer EGL_KHR_create_context EGL_EXT_device_query EGL_KHR_image EGL_KHR_image_base EGL_KHR_gl_texture_2D_image EGL_KHR_gl_texture_cubemap_image EGL_KHR_gl_renderbuffer_image EGL_KHR_get_all_proc_addresses EGL_KHR_stream EGL_KHR_stream_consumer_gltexture EGL_NV_stream_consumer_gltexture_yuv EGL_ANGLE_flexible_surface_compatibility EGL_ANGLE_stream_producer_d3d_texture_nv12 EGL_EXTENSIONS(nullptr): EGL_EXT_client_extensions EGL_EXT_platform_base EGL_EXT_platform_device EGL_ANGLE_platform_angle EGL_ANGLE_platform_angle_d3d EGL_ANGLE_device_creation EGL_ANGLE_device_creation_d3d11 EGL_ANGLE_experimental_present_path EGL_KHR_client_get_all_proc_addresses
WebGL 1 Driver Renderer: Google Inc. -- ANGLE (AMD Radeon(TM) Graphics Direct3D11 vs_5_0 ps_5_0)
WebGL 1 Driver Version: OpenGL ES 2.0 (ANGLE 2.1.0.)
WebGL 1 Driver Extensions: GL_OES_element_index_uint GL_OES_packed_depth_stencil GL_OES_get_program_binary GL_OES_rgb8_rgba8 GL_EXT_texture_format_BGRA8888 GL_EXT_read_format_bgra GL_NV_pixel_buffer_object GL_OES_mapbuffer GL_EXT_map_buffer_range GL_EXT_color_buffer_half_float GL_OES_texture_half_float GL_OES_texture_half_float_linear GL_OES_texture_float GL_OES_texture_float_linear GL_EXT_texture_rg GL_EXT_texture_compression_dxt1 GL_ANGLE_texture_compression_dxt3 GL_ANGLE_texture_compression_dxt5 GL_OES_compressed_ETC1_RGB8_texture GL_EXT_sRGB GL_ANGLE_depth_texture GL_OES_depth32 GL_EXT_texture_storage GL_OES_texture_npot GL_EXT_draw_buffers GL_EXT_texture_filter_anisotropic GL_EXT_occlusion_query_boolean GL_NV_fence GL_EXT_disjoint_timer_query GL_EXT_robustness GL_EXT_blend_minmax GL_ANGLE_framebuffer_blit GL_ANGLE_framebuffer_multisample GL_ANGLE_instanced_arrays GL_ANGLE_pack_reverse_row_order GL_OES_standard_derivatives GL_EXT_shader_texture_lod GL_EXT_frag_depth GL_ANGLE_texture_usage GL_ANGLE_translated_shader_source GL_EXT_discard_framebuffer GL_EXT_debug_marker GL_OES_EGL_image GL_OES_EGL_image_external GL_NV_EGL_stream_consumer_external GL_EXT_unpack_subimage GL_NV_pack_subimage GL_OES_vertex_array_object GL_KHR_debug GL_ANGLE_lossy_etc_decode GL_CHROMIUM_bind_uniform_location GL_CHROMIUM_sync_query GL_CHROMIUM_copy_texture
WebGL 1 Extensions: ANGLE_instanced_arrays EXT_blend_minmax EXT_color_buffer_half_float EXT_frag_depth EXT_shader_texture_lod EXT_texture_filter_anisotropic EXT_disjoint_timer_query MOZ_debug_get OES_element_index_uint OES_standard_derivatives OES_texture_float OES_texture_float_linear OES_texture_half_float OES_texture_half_float_linear OES_vertex_array_object WEBGL_color_buffer_float WEBGL_compressed_texture_etc1 WEBGL_compressed_texture_s3tc WEBGL_debug_renderer_info WEBGL_debug_shaders WEBGL_depth_texture WEBGL_draw_buffers WEBGL_lose_context MOZ_WEBGL_lose_context MOZ_WEBGL_compressed_texture_s3tc MOZ_WEBGL_depth_texture
WebGL 2 Driver WSI Info: EGL_VENDOR: Google Inc. (adapter LUID: 000000000001162e) EGL_VERSION: 1.4 (ANGLE 2.1.0.) EGL_EXTENSIONS: EGL_EXT_create_context_robustness EGL_ANGLE_d3d_share_handle_client_buffer EGL_ANGLE_surface_d3d_texture_2d_share_handle EGL_ANGLE_query_surface_pointer EGL_ANGLE_window_fixed_size EGL_ANGLE_keyed_mutex EGL_ANGLE_surface_orientation EGL_ANGLE_direct_composition EGL_NV_post_sub_buffer EGL_KHR_create_context EGL_EXT_device_query EGL_KHR_image EGL_KHR_image_base EGL_KHR_gl_texture_2D_image EGL_KHR_gl_texture_cubemap_image EGL_KHR_gl_renderbuffer_image EGL_KHR_get_all_proc_addresses EGL_KHR_stream EGL_KHR_stream_consumer_gltexture EGL_NV_stream_consumer_gltexture_yuv EGL_ANGLE_flexible_surface_compatibility EGL_ANGLE_stream_producer_d3d_texture_nv12 EGL_EXTENSIONS(nullptr): EGL_EXT_client_extensions EGL_EXT_platform_base EGL_EXT_platform_device EGL_ANGLE_platform_angle EGL_ANGLE_platform_angle_d3d EGL_ANGLE_device_creation EGL_ANGLE_device_creation_d3d11 EGL_ANGLE_experimental_present_path EGL_KHR_client_get_all_proc_addresses
WebGL 2 Driver Renderer: Google Inc. -- ANGLE (AMD Radeon(TM) Graphics Direct3D11 vs_5_0 ps_5_0)
WebGL 2 Driver Version: OpenGL ES 3.0 (ANGLE 2.1.0.)
WebGL 2 Driver Extensions: GL_OES_element_index_uint GL_OES_packed_depth_stencil GL_OES_get_program_binary GL_OES_rgb8_rgba8 GL_EXT_texture_format_BGRA8888 GL_EXT_read_format_bgra GL_NV_pixel_buffer_object GL_OES_mapbuffer GL_EXT_map_buffer_range GL_EXT_color_buffer_half_float GL_OES_texture_half_float GL_OES_texture_half_float_linear GL_OES_texture_float GL_OES_texture_float_linear GL_EXT_texture_rg GL_EXT_texture_compression_dxt1 GL_ANGLE_texture_compression_dxt3 GL_ANGLE_texture_compression_dxt5 GL_OES_compressed_ETC1_RGB8_texture GL_EXT_sRGB GL_ANGLE_depth_texture GL_OES_depth32 GL_EXT_texture_storage GL_OES_texture_npot GL_EXT_draw_buffers GL_EXT_texture_filter_anisotropic GL_EXT_occlusion_query_boolean GL_NV_fence GL_EXT_disjoint_timer_query GL_EXT_robustness GL_EXT_blend_minmax GL_ANGLE_framebuffer_blit GL_ANGLE_framebuffer_multisample GL_ANGLE_instanced_arrays GL_ANGLE_pack_reverse_row_order GL_OES_standard_derivatives GL_EXT_shader_texture_lod GL_EXT_frag_depth GL_ANGLE_texture_usage GL_ANGLE_translated_shader_source GL_EXT_discard_framebuffer GL_EXT_debug_marker GL_OES_EGL_image GL_OES_EGL_image_external GL_OES_EGL_image_external_essl3 GL_NV_EGL_stream_consumer_external GL_EXT_unpack_subimage GL_NV_pack_subimage GL_EXT_color_buffer_float GL_OES_vertex_array_object GL_KHR_debug GL_ANGLE_lossy_etc_decode GL_CHROMIUM_bind_uniform_location GL_CHROMIUM_sync_query GL_CHROMIUM_copy_texture GL_EXT_texture_norm16
WebGL 2 Extensions: EXT_color_buffer_float EXT_texture_filter_anisotropic EXT_disjoint_timer_query MOZ_debug_get OES_texture_float_linear WEBGL_compressed_texture_etc WEBGL_compressed_texture_etc1 WEBGL_compressed_texture_s3tc WEBGL_debug_renderer_info WEBGL_debug_shaders WEBGL_lose_context MOZ_WEBGL_lose_context MOZ_WEBGL_compressed_texture_s3tc
Hardware H264 Decoding: Yes; Using D3D11 API
Audio Backend: wasapi
Direct2D: true
DirectWrite: true (10.0.22621.4111)
GPU #1
Active: Yes
Description: AMD Radeon(TM) Graphics
Vendor ID: 0x1002
Device ID: 0x1636
Driver Version: 31.0.14043.7000
Driver Date: 3-26-2023
Drivers: aticfx64 aticfx64 aticfx64 amdxc64 aticfx32 aticfx32 aticfx32 amdxc32 atiumd64 atidxx64 atidxx64 atiumdag atidxx32 atidxx32 atiumdva atiumd6a
Subsys ID: 16cc1043
RAM: 512

Diagnostics
AzureCanvasAccelerated: 0
AzureCanvasBackend: direct2d 1.1
AzureContentBackend: direct2d 1.1
AzureFallbackCanvasBackend: cairo
failures: [GFX1-]: Invalid draw target type specified: 0



Failure Log
(#0) Error: Invalid draw target type specified: 0

Important Modified Preferences
------------------------------

accessibility.typeaheadfind.flashBar: 0
browser.cache.disk.capacity: 358400
browser.cache.disk.smart_size.first_run: false
browser.cache.disk.smart_size.use_old_max: false
browser.download.importedFromSqlite: true
browser.places.smartBookmarksVersion: 4
browser.search.useDBForOrder: true
browser.startup.homepage_override.buildID: 20241003104355
browser.startup.homepage_override.mstone: 6.7.0
dom.max_script_run_time: 0
dom.serviceWorkers.enabled: true
extensions.lastAppVersion: 33.4.0
font.internaluseonly.changed: false
general.useragent.override.file4go.net: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:119.0) Gecko/20100101 Firefox/119.0
general.useragent.override.gsis.gov.ph: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/115.0
general.useragent.override.messenger.com: Mozilla/5.0 (%OS_SLICE% rv:68.0) Gecko/20100101 Firefox/68.0 PaleMoon/32.2.0a1
general.useragent.updates.lastupdated: 1728309915676
gfx.crash-guard.d3d11layers.appVersion: 33.4.0
gfx.crash-guard.d3d11layers.deviceID: 0x1636
gfx.crash-guard.d3d11layers.driverVersion: 31.0.14043.7000
gfx.crash-guard.d3d11layers.feature-d2d: true
gfx.crash-guard.d3d11layers.feature-d3d11: true
gfx.crash-guard.status.d3d11layers: 2
gfx.crash-guard.status.d3d11video: 2
gfx.crash-guard.status.d3d9video: 2
image.http.accept: image/png;q=0.9,image/jxl;q=0.8,image/jpeg;q=0.7,image/*;q=0.6,*/*;q=0.5,image/webp;0.1
media.benchmark.vp9.fps: 164
media.benchmark.vp9.versioncheck: 3
media.hardware-video-decoding.failed: false
media.mediasource.enabled: false
network.cookie.cookieBehavior: 3
network.cookie.prefsMigrated: true
network.http.proxy.pipelining: true
network.http.spdy.enabled.http2: false
places.database.lastMaintenance: 1727871526
places.history.expiration.transient_current_max_pages: 124408
plugin.disable_full_page_plugin_for_types:
plugin.state.flash: 0
plugin.state.npctrl: 0
plugin.state.npvlc: 0
privacy.cpd.cookies: false
privacy.cpd.downloads: false
privacy.cpd.formdata: false
privacy.cpd.history: false
privacy.cpd.sessions: false
privacy.GPCheader.enabled: true
privacy.sanitize.migrateFx3Prefs: true
security.disable_button.openCertManager: false
security.insecure_field_warning.contextual.enabled: true
services.sync.declinedEngines: forms,history
services.sync.engine.greasemonkey: true
services.sync.engine.history: false
services.sync.engine.prefs.modified: false
services.sync.lastPing: 1728305360
services.sync.lastSync: Mon Oct 07 2024 22:23:22 GMT+0800 (Malay Peninsula Standard Time)
services.sync.numClients: 3
storage.vacuum.last.index: 1
storage.vacuum.last.places.sqlite: 1727757752
ui.osk.debug.keyboardDisplayReason: IKPOS: Touch screen not found.

Important Locked Preferences
----------------------------

Places Database
---------------

JavaScript
----------

Incremental GC: true

Accessibility
-------------

Activated: false
Prevent Accessibility: 1

Library Versions
----------------

NSPR
Expected minimum version: 4.35
Version in use: 4.35

NSS
Expected minimum version: 3.90.4
Version in use: 3.90.4

NSSSMIME
Expected minimum version: 3.90.4
Version in use: 3.90.4

NSSSSL
Expected minimum version: 3.90.4
Version in use: 3.90.4

NSSUTIL
Expected minimum version: 3.90.4
Version in use: 3.90.4
It seems that even though I have no SSL proxy set in my Network settings, my WebSockets connections still get proxied under the HTTP proxy I have set, even if the WebSockets is secure (wss). I first noticed this when I randomly opened up the Network tab of devtools while in a logged in session of Mastodon, and noticed the WebSockets (presumably for the push notifications since WebSockets is not used when you use Mastodon while logged out) getting proxied under my Squid. Which is weird because that WebSockets should be secure (and indeed it is). So I knew I had to check in another website which makes use of WebSockets for all users...

What's pretty interesting is that this bug happens in the latest Firefox too. I suppose everybody in Mozilla forgot to check whether the WebSockets are functioning as expected when a proxy is set.. Which would be surprising since WS debuted way back in Firefox 11, so maybe this could be a regression somewhere between versions 11 and 52..? :think:
Attachments
WSS
WSS
HTTPS
HTTPS
Image

:akko_derp:

XUL add-ons developer. You can find a list of add-ons I manage at http://rw.rs/~job/software.html.

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 36608
Joined: 2011-08-28, 17:27
Location: Motala, SE
Contact:

Re: Secure WebSockets (wss) connection gets proxied under the set HTTP proxy even though there's no SSL proxy set

Unread post by Moonchild » 2024-10-07, 15:36

Apparently this is "by design".

Websockets were made to "be http and https compatible" when they were introduced.
Websockets use the HTTP Upgrade mechanism to upgrade to the Websocket protocol. Websockets feature an HTTP-compatible handshake so that HTTP servers (and proxies) can share their default HTTP and HTTPS ports (80 and 443) with a WebSocket server. To establish a WebSocket connection, the client and server upgrade from the HTTP protocol to the Web Socket protocol during an initial handshake.
So, the proxy traffic you're seeing is most likely the initial handshake, resulting in an "upgrade" connection and/or http 101 "switching protocols" before the wss traffic flows direct to the wss server.
Of course it feels weird that what is effectively an https request goes through an http proxy, but if it's just tunnelled through http then that doesn't actually matter as it's not a direct-proxied request (and the authentication will be end-to-end anyway). I do think this is fine as-is.
{{This headspace for lease}}
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite

User avatar
jobbautista9
Keeps coming back
Keeps coming back
Posts: 885
Joined: 2020-11-03, 06:47
Location: Philippines
Contact:

Re: Secure WebSockets (wss) connection gets proxied under the set HTTP proxy even though there's no SSL proxy set

Unread post by jobbautista9 » 2024-10-07, 15:50

Yeah I do realize now it's effectively going to be the same anyway in the end. Checking with Wireshark it does seem like the browser still uses CONNECT tunneling first instead of straight away upgrading to WebSockets (it apparently is possible to do that after testing with telnet, see code block hidden below). Just weird to me that it's still possible for requests to port 443 (which is where a wss server would be listening) to be proxied even if there's no SSL proxy set...

(Telnet session as mentioned earlier:)

Code: Select all

$ telnet <redacted> 3128
Trying <redacted>...
Connected to <redacted>.
Escape character is '^]'.
GET https://misskey.io/streaming?_t=1728317113773 HTTP/1.1
Host: misskey.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br, zstd
Sec-WebSocket-Version: 13
Origin: https://misskey.io
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: L/0Wv52c1escDXrkt17C1w==
Connection: keep-alive, Upgrade
Cookie: cf_clearance=<very long cloudflare string>
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Date: Mon, 07 Oct 2024 16:06:00 GMT
Sec-WebSocket-Accept: OibJFq2oCLKzakd8aQyjHkYnzuI=
Strict-Transport-Security: max-age=2592000; includeSubDomains; preload
CF-Cache-Status: DYNAMIC
expect-ct: max-age=86400, enforce
referrer-policy: same-origin
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
Server: cloudflare
CF-RAY: 8cef22c7be43ce1f-SIN
Upgrade: websocket
Connection: upgrade
Image

:akko_derp:

XUL add-ons developer. You can find a list of add-ons I manage at http://rw.rs/~job/software.html.

Post Reply